Re: Replication between parent child domains
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Mon, 16 Oct 2006 15:53:48 +0100
Hi
Careful- Stub zones do not remove the requirement for delegations
Check the following options:
- Forwarding: DNS server will forward any query it can't answer, Checks zone
data and cache then forwards. ("All other Domains" option - pointing to TLD
DNS Servers) all queries will go to tld DNS server (including Internet
resolution queries), if the link with tld is down then queries will fail for
domains but the DNS server will attempt to use its root hints to resolve the
these queries (unless you select the option don't use recursion for this
domain- this can represent security problems because the DNS goes to public
network trying to resolve all queries that isn't authoritative for).
*Please note, only a failure to respond will cause the DNS client to switch
Preferred DNS servers; receiving an authoritative but incorrect response
does not cause the DNS client to try another server. As a result,
configuring a Domain Controller with itself and another DNS server as
Preferred and Alternate servers helps to ensure that a response is received,
but it does not guarantee accuracy of that response. DNS record update
failures on either of the servers may result in an inconsistent name
resolution experience
- Conditional Forwarding: you can have better control by defining which DNS
servers will the server contact for zones that the server isn't
authoritative for, and if the link is down to any particular domain/site,
that doesn't mean that other queries will fail as long as you have the link
up to these domains/sites. Each domain name used for forwarding associated
with a forwarders list, Checks zone data and cache for answer, then uses
forwarders list to resolve, DNS server compares queried name to list of
domain name conditions
- Stub zones: Stub zones contain a read-only copy with specific records
(SOA, NS and related A) the big advantage of stub zones is that they'll
refresh automatically, a server hosting stub zone contacts zone master for
zone transfer, A master server may be a primary or secondary server for
actual zone, you don't need to allow zone transfer for stub zones to work
(Careful- Stub zones do not remove the requirement for delegations, Stub
zone data doesn't transfer during zone transfers like delegation information
does, Can be dangerous to use instead of delegation, If parent zone is
transferred without delegation information, how will server find child
zones?). Typically contiguous namespaces will not benefit using stub zones,
only disjoint namespaces may benefit using stub zones.
- Secondary Zones: also contains a Read-Only copy of the zone, all queries
can be resolved locally, but you need to allow zone transfer on each zone.
- Active Directory Integrated Zones (require that the DNS is also a DC), the
zone is replicated with AD replication, is better from security perspective,
you can always choose by replicate them across the domain or forest. This
can have a significant impact on your replication traffic if you choose to
replicate all zones across the forest.
The _msdcs.domain.tld contain information about Global catalog and other
domain/forest important records and they only exist in parent (root) DNS
server, so is always a good practice to replicate the root
_msdcs.domain.tld across the forest.
Most common configuration scenario is:
- On the TCP/IP properties of the child domain server, change the TCP/IP
address of the DNS server to point to its own TCP/IP address
- Consider integrating DNS with the Active Directory on the child DNS server
- Add the parent (root) DNS server as a forwarder on the child DNS server
Firewall considerations:
To Configure DNS behind a Firewall
Proxy and Network Address Translation (NAT) devices can restrict access to
ports. DNS uses UDP and TCP port 53. The DNS Service Management console also
uses remote procedure call (RPC). RPC uses port 135. These are potential
issues that could arise when you configure DNS and firewalls.
Related links:
Support WebCast: Microsoft Windows Server 2003 DNS: Stub Zones and
Conditional Forwarding
http://support.microsoft.com/default.aspx?scid=kb;en-us;811118
Best practices for DNS client settings in Windows 2000 Server and in Windows
Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036&sd=RMVP
How to Create a Child Domain in Active Directory and Delegate the DNS
Namespace to the Child Domain
http://support.microsoft.com/kb/255248/
Conditional Forwarding in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;304491
How to configure DNS for Internet access in Windows Server 2003
http://support.microsoft.com/kb/323380/
How to configure DNS for Internet access in Windows 2000
http://support.microsoft.com/kb/300202/
How to Delegate All Internet Top-Level Domains on an Internal Root DNS
Server
http://support.microsoft.com/default.aspx?scid=kb;en-us;294906&sd=RMVP
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"T. Uranjek" <toniuranjek@xxxxxxxxxxx> wrote in message
news:uoebm9O8GHA.4012@xxxxxxxxxxxxxxxxxxxxxxx
Hi!
Yes, you can create child domain in Sydney and then move child domain DC
to Melbourne, to avoid replication traffic. I can't tell you which is the
best way to set up DNS in your particular case, but I would normaly choose
stub zones. If you are using a stub zone and you have a firewall between
DNS servers in the networks, then DNS servers on the query/resolution path
must have port 53 open. However, if you are using conditional forwarding
and you have a firewall between DNS servers in each of the networks, the
requirement to have port 53 open only applies to the two DNS servers on
either side of the firewall.
HTH
Toni
"Chief" <Chief@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3B30D970-4FB1-4553-BE68-E3E55FB4A144@xxxxxxxxxxxxxxxx
Just a couple of things will i be able to create the child domain in
sydney
then move it down to melbourne i dont want to have the replication
traffic by
doing it melbourne? Also what would be the best way to set up dns should
i
create a conditional forwader on the syndey domain or create a delegation
to
the melbourne domain and create a stub zone back up to the sydney domain
from
the melbourne dc? What would be the best way to go about this?
"T. Uranjek" wrote:
Hi!
I would create sitelink between Sydney an Melbourne. And yes, schema and
configuration partitions are replicated through entire forest. When
checking
or forcing replication between sites use Replication Monitor from
Support
Tools instead of Active Directory Sites and Services tool.
HTH
Toni
"Chief" <Chief@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F7DAA804-B8CC-48E2-82AD-5891786CA270@xxxxxxxxxxxxxxxx
I have all connections going through the SYdney link so there is no
direct
link between melbourne and perth and SYndey holds the forest fsmo
roles
should i create a bridged link with all three sites or should i just
create
a connection for melborne going back to sydney? Also it is just the
schema
and configuration partitions from the forest that get replicated to
the
child
domain is that right?
"T. Uranjek" wrote:
Hi!
Firsy you should set up child domain, then create a site for
Melbourne
anf
put DC for child domain in Melbourne site. Then you should create
sitelink
according to your WAN links. It wouldn't be bad if you could create
sitelink
with site in which FSMO holder resides.
HTH
Toni
"Chief" <Chief@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8A0D5A1A-0366-4E9F-AE0C-BC5186C574C8@xxxxxxxxxxxxxxxx
Hi I have been forced to create a new child domain in my Melbourne
office
due
to politics within the business at the moment i have a single
domain
with
2
sites one in Sydney and the other Perth which works fine. Just
wondering
if i
add a child domain how would i have to implemet the replication can
i
create
a site for the Melbourne office to link them with the other 2 dc.
What
is
the
best way of setting this up?
.
- Follow-Ups:
- Re: Replication between parent child domains
- From: Chief
- Re: Replication between parent child domains
- References:
- Re: Replication between parent child domains
- From: T. Uranjek
- Re: Replication between parent child domains
- From: T. Uranjek
- Re: Replication between parent child domains
- From: Chief
- Re: Replication between parent child domains
- From: T. Uranjek
- Re: Replication between parent child domains
- Prev by Date: Re: Trust relationship
- Next by Date: Best Way Migrate OU structure and GPOs between interforrest domains- Does CreateEnvironmentFromXML.wsf delete existing OUs?
- Previous by thread: Re: Replication between parent child domains
- Next by thread: Re: Replication between parent child domains
- Index(es):
Relevant Pages
|
